FCA's Dear CEO letter to all the regulated payments and e-money firms

FCA's Dear CEO letter to all the regulated payments and e-money firms

On 16 March 2023, the Financial Conduct Authority (“FCA”) issued a “Dear CEO letter” to all regulated payments and e-money firms (collectively “firms”) setting out its clear expectations of the outcomes on which it wants firms to focus, specifically:

  1. Safeguarding: Ensure that customers’ money is safe. FCA’s approach is focussed on three areas: (i) safeguarding arrangements, (ii) improving prudential risk management, and (iii) maintaining detailed wind-down plans with appropriate triggers and requirements needed.
  2. Financial system integrity: Ensure that firms do not compromise the integrity of the financial system. The FCA’s approach is focused on ensuring firms implement systems and controls to identify, assess, monitor, and manage money laundering risk, including any sanctions exposure and risk as well as address weaknesses in systems and controls to prevent fraud.
  3. Consumer duty: Meet the needs of customers’ including through high quality products and services, competition and innovation and robust implementation of the FCA Consumer Duty. The FCA expects firms to take appropriate action to ensure that it complies with the Duty set out on the 21st of February letter written to payment firms.

Additionally, the FCA highlights cross-cutting priorities that underpin the three outcomes noted above, including governance and oversight, progressing operational resilience requirements by 31 March 2025, and providing regulatory reports to the FCA within reporting deadlines.

In response to the letter, payments firms need to assess themselves against the key outcomes above and notify the FCA of any changes planned or underway.

Specifically, as it relates to ensuring that safeguarding controls are robust, firms need to:

  • identify all relevant funds that they hold, including funds held on behalf of clients, money received for transactions, and fees and charges;
  • segregate client funds from their own to prevent them from being used for any other purpose;
  • establish and maintain effective systems and controls to manage the risks associated with holding relevant funds; and
  • conduct regular internal and external reconciliations of their safeguarding flows to ensure accurate accounting.

The letter also reminds firms of a requirement to conduct an annual audit of their safeguarding arrangements. When performing an audit of safeguarding arrangements, the main considerations are to ensure that the organisation has effective policies, procedures, and systems in place to safeguard relevant funds. This should include reviewing the organisation's risk management and reporting processes, training, reporting, and monitoring and evaluating control effectiveness related to safeguarding.

On the financial system integrity outcome, the letter is a clear call to action to professionals in the financial crime space, with specific focus on anti-money laundering, sanctions compliance and fraud risk mitigation. Payments firms need to review risk and control frameworks to help ensure both the design and effectiveness of controls are robust and commensurate with an approved risk appetite, which should have clear linkage to the risk assessment methodology and reporting processes. Further, as sanctions evasion tactics continue to mature, payment firms need to understand the underlying data and compliance obligations it has on transaction and party screening throughout the end-to-end payment life cycle.

Lastly, in order to meet the requirement of the FCA’s Consumer Duty, firms will need to be able to evidence that:

  • products and services offered meet the needs of an identified target market;
  • products and services are priced correctly and provide value to customers;
  • communications with consumers enable them to understand them and make informed decisions; and
  • consumers are supported throughout the product and service lifecycle.

Evidencing that customers receive good outcomes will require the right data to be in place from 1 August 2023 and for all payment firms to understand, and embed within their cultures, the requirements of the Consumer Duty. This is not a simple task and, in some instances may require a shift in culture of compliance, and will involve having to review products and services, internal processes and control systems and define the outcomes that firms want to deliver. The FCA will be testing the implementation of the Consumer Duty when the new regime starts, so firms need to focus now on their implementation planning.

If you would like to discuss the letter and how best to positively react and respond, please contact one of our Payments specialists, Christine Reisman, Bernadine Reese, Olga Robertson or Stuart O’Sullivan.

Loading...